Flexera, a software asset management company, released a three-month vulnerability update last week. From May to July, over 2,000 vulnerabilities were found in the top 20 most vulnerable pieces of software, many of which are probably being used in your office.
It isn't just applications
Microsoft, one of the worst offenders in the list, isn't just plagued by vulnerabilities in its apps: Windows 10, Server 2012, Windows 8, and Windows RT are all in the top 20. Microsoft actually sports the most vulnerabilities of any vendor with 518.
Apple isn't free from susceptibility either—Mac OS X landed in the top three in both May and July.
One of the biggest reasons Windows and Mac OS platforms have so many vulnerabilities isn't necessarily the OS itself: it's that users aren't good at keeping their machines up to date. While you can't control group policy on someone's home PC, it's essential that update schedules are kept up in the workplace.
It might be impossible to win the race against security vulnerabilities, but that doesn't mean your company can afford to get lax. Hackers are always going to look for the easiest ways in, and those are usually the ones that have been around for a while.
It isn't just popular software either
It makes sense that Microsoft's entire catalog would lead the pack with 518 vulnerabilities—its products are nearly universal in every kind of business. That doesn't mean, however, that niche software is safe.
One single piece of software—Philips Xper Connect—came in with nearly 300 vulnerabilities. Xper Connect is a hospital-level management platform that connects patient records, lab results, and other data into one massive app, and that many vulnerabilities makes it a serious risk to patient confidentiality.
The report points out that medical records are a top target for hackers because of how much personal identifying information they contain. Xper users, it recommends, need to evaluate their systems for security and perhaps consider finding a new vendor if the flaws aren't patched quickly.
The 3 big takeaways for TechRepublic readers
- Microsoft leads the pack with the most vulnerabilities. Keeping desktops, servers, and mobile computers up to date is essential in maintaining workplace security.
- Smaller platforms aren't immune either, and sometimes niche software is the most vulnerable. If you are using a smaller-scale platform, be sure your network security makes up for potential weak points.
- It's impossible to stay ahead in the security vulnerabilities game, but keeping every byte of software patched can make a huge difference. Make sure you have a solid update policy in place.
Brandon Vigliarolo has nothing to disclose. He does not hold investments in the technology companies he covers.
Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.